MDKSA-2000:047

Problem description

A bug exists in two PAM modules: pam_smb and pam_ntdom. They are
pluggable authentication modules that allow authentication of usernames
and passwords in PAM-compatible environments against Windows and Samba.
Both modules contain remotely exploitable stack buffer overflows. This
bug allows an attacker to execute arbitary code as root. The versions
affected are: pam_smb < 1.1.6 and pam_ntdom < 0.24.
Linux-Mandrake does not ship with either the pam_smb or pam_ntdom
modules and is therefore not vulnerable to this exploit. Linux-Mandrake
users who have installed this package on their own are encouraged to
upgrade to the latest versions available:
pam_smb 1.1.6 at ftp://ftp.samba.org/pub/samba/pam_smb/
pam_ntdom 0.24 at http://cb1.com/~lkcl/pam-ntdom/